$OpenBSD: patch-encode_c,v 1.4 2010/05/24 22:17:03 espie Exp $
--- encode.c.orig	Sat Oct 31 04:58:47 1998
+++ encode.c	Sat May 22 16:47:47 2010
@@ -24,6 +24,7 @@ url_encode(char **code_map, unsigned char *s)
 	char *buf;
 	unsigned char c, *p;
 	char *m;
+	int len;
 
 	static int one_shot = 1;
 
@@ -43,17 +44,17 @@ url_encode(char **code_map, unsigned char *s)
 
 		cookie_code_map[' '] = "+";
 
-		sprintf(tmp, "%%%02X", ',');
+		snprintf(tmp, sizeof(tmp), "%%%02X", ',');
 		cookie_code_map[','] = strdup(tmp);
 
-		sprintf(tmp, "%%%02X", ';');
+		snprintf(tmp, sizeof(tmp), "%%%02X", ';');
 		cookie_code_map[';'] = strdup(tmp);
 
 		/* for url's, we do full URL encoding.		*/
 		/* non-alphanumerics get turned into hex ...	*/
 		for(i=0; i < 256; i++) {
 			if(isalnum(i) == 0) {
-				sprintf(tmp, "%%%02X", i);
+				snprintf(tmp, sizeof(tmp), "%%%02X", i);
 				url_code_map[i] = strdup(tmp);
 			}
 		}
@@ -78,14 +79,19 @@ url_encode(char **code_map, unsigned char *s)
 	}
 
 	/* each input char can expand to at most 6 chars */
-	buf = zalloc((strlen((char *) s) + 1) * 6);
+	len = (strlen((char *) s) + 1) * 6;
+	if ((buf = zalloc(len)) == NULL) {
+	   fprintf(stderr, "%s:%d malloc failed\n", __FILE__, __LINE__);
+	   exit(-1);
+	}
 
 	for(p = (unsigned char *) buf; (c = *s); s++) {
 		if((m = code_map[c])) {
-			strcpy((char *) p, m);
+			len -= strlcpy((char *) p, m, len);
 			p += strlen(m);
 		} else {
 			*p++ = c;
+			len--;
 		}
 	}
 
